Analysis
-
max time kernel
43s -
max time network
152s -
platform
android-10_x64 -
resource
android-x64-20240910-en -
resource tags
-
submitted
09-12-2024 22:03
General
-
Target
25843b325b72bba00ab68ca7f2a7819422ed7c6598d4be58b1688c5567c91ac4.apk
-
Size
3.1MB
-
MD5
a2aec2843977e7005b74defbca0863f4
-
SHA1
9727af06405b9f1f931151fd4dc5b9b7872268f0
-
SHA256
25843b325b72bba00ab68ca7f2a7819422ed7c6598d4be58b1688c5567c91ac4
-
SHA512
a6965b0a1df217800875d247b79382050f08edc809c5f6e25b29f10c9855ebaca6402318f01de620276209c5537b95c7de55c9c3e13b7b7459996172d7022dd0
-
SSDEEP
98304:dzsn82vcpDD4WPEmeBmmaRQ6AnuzK6Y3mzx8V:VmZcpfFs/BmmaXemzyV
Malware Config
Extracted
cerberus
http://51.195.150.249
Signatures
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus family
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.receive.program1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
54KB
MD53afecd791a5ec231e56464dc0832c647
SHA12fc1bc7ec07138f4fcab373afc4abd10e9c90ddd
SHA2566e2e7a320fd76f250dd11232154ee373a6ae1398fe6bfba4530def8e7f352b7a
SHA512758224b59429237a98c33d690320a50a20eb86145d8a6023145e9e4568bf06cc11356a3a32d78c287100d95c1037c7b234eee6d112b72afce5d90f9ee33b77b4
-
Filesize
54KB
MD5eb41ecd1380c23173db98610d7ebaf37
SHA13b09693ee38665e76ede0d35ce82c0c964b5ad12
SHA256c0b0e145ce681b926784e2e081d6790f9044e1926d5cdd4bb9faadca44b8ce1f
SHA5126b4b3b3c9ec9a54aa625065226be32e7e2e95226f0257bccd9499a5ce1635c9e213d01b1167de408e4e5b599678e08cac8b5b24c4a2926ff5b709ac110197801
-
Filesize
804B
MD577c399cbedfb5fb8cacb97262a4d30c3
SHA18a1ca30072aec95dea2b9836df695534926a3231
SHA2560aba06cb23f1f870d42e2686ea2722934be105a1e273e988280057a562917c41
SHA5120cf0eb6875247842a18e00d33a7e1fe4796c6deb9dfc96d3d9610465417d1d0702a1f4f7c43d32c82307ab7a6ce77fad2ba9b0987a940d3bc7f045939915aba5
-
Filesize
103KB
MD5911666e22b82ead3521944d11a49f578
SHA1ccfca261159f1e77b4bc6f6f751e052425e0488f
SHA256e5bbf12da75f5fa65858f9eba99922c742723e2c6206ee7568f0c16cc4ce6289
SHA512fe2fc73c2fa4156f3d03bffd95bf53d464b520feb3318f4c403e5ea63b71f0cae3b48750398b90e8f75bd00d0a73db758db2cef3733fa6c16294c62bdd61b7e7